Svoboda Cybersecurity Brief November 17, 2025

Checkout.com Data Breach Due to Legacy System

Checkout.com disclosed a breach involving a legacy third-party cloud storage system (unused since 2020) after an extortion attempt by ShinyHunters. The compromised system contained internal operational documents and merchant onboarding materials, but payment systems remained unaffected. The company refused to pay the ransom and pledged to donate the amount to cybersecurity research.
Source: DataBreaches.net

Microsoft Patches 60+ Vulnerabilities Including Zero-Day

Microsoft’s November 2025 Patch Tuesday addressed over 60 vulnerabilities, including CVE-2025-62215, a zero-day memory corruption flaw requiring prior device access. Critical fixes included CVE-2025-60274 (GDI+ graphics library) and CVE-2025-62199 (Office RCE via Preview Pane). Windows 10 users were advised to install KB5071959 to resolve enrollment issues for extended security updates.
Impact: Exploits could enable privilege escalation, RCE, or system compromise.
Mitigation: Apply patches immediately, prioritize GDI+ and Office updates.
Source: KrebsOnSecurity

Google Play to Flag Battery-Draining Android Apps

Google will label apps with excessive partial wake locks (over 2 cumulative hours per 24-hour session) on the Play Store, starting March 2026. The metric targets non-exempt wake locks (non-system, non-audio, non-user-initiated) and aims to improve battery performance, though it is not designed to detect malware.
Source: BleepingComputer

Share this brief: https://svo.bz/0iKL